[gatein-issues] [JBoss JIRA] (GTNPORTAL-2412) [XSS] initialURI parameter is vulnerable to script injection
Trong Tran (JIRA)
jira-events at lists.jboss.org
Tue Sep 4 00:26:33 EDT 2012
[ https://issues.jboss.org/browse/GTNPORTAL-2412?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Trong Tran updated GTNPORTAL-2412:
----------------------------------
Labels: portal-s68 (was: )
> [XSS] initialURI parameter is vulnerable to script injection
> ------------------------------------------------------------
>
> Key: GTNPORTAL-2412
> URL: https://issues.jboss.org/browse/GTNPORTAL-2412
> Project: GateIn Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Reporter: kien nguyen
> Assignee: kien nguyen
> Labels: portal-s68
> Fix For: 3.4.0.Final
>
> Attachments: XSS.png
>
>
> *Steps to reproduce:
> Paste this attack vector into the address bar & hit Enter
> http://plf-3.5.3-snapshot.acceptance.exoplatform.org/portal/j_security_check?initialURI=%3E%22;%3C/script%3E%3Cscript%3Ealert%28%271%27%29%3C/script%3E&j_username=HelloWorld&j_password=wci-ticket-149642915
> >>> result: pop-up shown (see attachment)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira